BrianKrebs @briankrebs@infosec.exchange
Public

New, from me: Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

krebsonsecurity.com/2026/01/wh

A web-based control panel, allegedly for the Badbox 2.0 botnet, at the ip address 45.134.212.95. This users panel lists seven authorized users, all but one of which have email addresses ending in the chinese email service qq.com. Two of the users on this list map directly to domains tied to the Badbox 2.0 botnet.
0
0
0

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/briankrebs/statuses/115962288994501779 on your instance and quote it. (Note that quoting is not supported in Mastodon.)